summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-01-25fold in next changes entriestor-0.2.2.22-alphaRoger Dingledine
2011-01-25Merge branch 'maint-0.2.2' into release-0.2.2Roger Dingledine
2011-01-25Tell which geoip file we're parsingSebastian Hahn
2011-01-25Fix assert for relay/bridge state changeSebastian Hahn
When we added support for separate client tls certs on bridges in a2bb0bfdd5 we forgot to correctly initialize this when changing from relay to bridge or vice versa while Tor is running. Fix that by always initializing keys when the state changes. Fixes bug 2433.
2011-01-25bump to 0.2.2.22-alphaRoger Dingledine
2011-01-24fold in changelog entriesRoger Dingledine
2011-01-24Merge branch 'maint-0.2.2' into release-0.2.2Roger Dingledine
2011-01-24Make the DH parameter we use for TLS match the one from Apache's mod_sslNick Mathewson
Our regular DH parameters that we use for circuit and rendezvous crypto are unchanged. This is yet another small step on the path of protocol fingerprinting resistance.
2011-01-20Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2Nick Mathewson
2011-01-20Merge remote branch 'rransom/policy_summarize-assert' into maint-0.2.1Nick Mathewson
2011-01-20Fix bounds-checking in policy_summarizeRobert Ransom
Found by piebeer.
2011-01-19Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2Nick Mathewson
2011-01-19Oops; actually add the code to the last patch. :/Nick Mathewson
2011-01-19Fix two more SIZE_T_CEILING issuesNick Mathewson
This patch imposes (very long) limits on the length of a line in a directory document, and on the length of a certificate. I don't think it should actually be possible to overrun these remotely, since we already impose a maximum size on any directory object we're downloading, but a little defensive programming never hurt anybody. Roger emailed me that doorss reported these on IRC, but nobody seems to have put them on the bugtracker.
2011-01-18fix 0.2.2 changelog to match 0.2.1Roger Dingledine
2011-01-18Merge branch 'maint-0.2.2' into release-0.2.2Roger Dingledine
2011-01-18Merge branch 'maint-0.2.1' into maint-0.2.2Roger Dingledine
2011-01-18be the winner, rewrite historyRoger Dingledine
2011-01-15fold in another set of changestor-0.2.2.21-alphaRoger Dingledine
2011-01-15Merge branch 'maint-0.2.2' into release-0.2.2Roger Dingledine
2011-01-15Merge commit 'sebastian/bug2317' into maint-0.2.2Roger Dingledine
2011-01-15add in missing changelog entriesRoger Dingledine
2011-01-15Merge branch 'maint-0.2.2' into release-0.2.2Roger Dingledine
2011-01-15Merge branch 'maint-0.2.1' into maint-0.2.2Roger Dingledine
2011-01-150.2.1.29 changelog and blurbRoger Dingledine
2011-01-15fold in more changes entriesRoger Dingledine
2011-01-15repeat overlapping changelog entriesRoger Dingledine
2011-01-15bump to 0.2.2.21-alphaRoger Dingledine
2011-01-15Merge branch 'maint-0.2.2' into release-0.2.2Roger Dingledine
2011-01-15Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2Nick Mathewson
2011-01-15Fix a couple of non-cleared key issues in hidden servicesNick Mathewson
we need to do more hunting, but this fixes the ones mentioned in 2385.
2011-01-15Zero out some more key data before freeing itNick Mathewson
Found by cypherpunks; fixes bug 2384.
2011-01-15Update the spec with the new boundsSebastian Hahn
2011-01-15Tighten accepted circwindow parametersSebastian Hahn
Based on discussion in bug 2317, these values seem to be sane.
2011-01-15Provide constant limits for all consensus paramsSebastian Hahn
This addresses Nick's concern about doing non-constant bounds checking inside networkstatus_get_param().
2011-01-15Fix a typo spotted by RogerSebastian Hahn
2011-01-15Sanity-check consensus param valuesSebastian Hahn
We need to make sure that the worst thing that a weird consensus param can do to us is to break our Tor (and only if the other Tors are reliably broken in the same way) so that the majority of directory authorities can't pull any attacks that are worse than the DoS that they can trigger by simply shutting down. One of these worse things was the cbtnummodes parameter, which could lead to heap corruption on some systems if the value was sufficiently large. This commit fixes this particular issue and also introduces sanity checking for all consensus parameters.
2011-01-15Make get_net_param_from_list() staticSebastian Hahn
This prepares for making the accessor method for consensus parameters safer in the next commit.
2011-01-15Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2Nick Mathewson
Conflicts: src/or/routerparse.c src/or/test.c
2011-01-15Merge branch 'bug2352_obsize' into maint-0.2.1Nick Mathewson
2011-01-15Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2Nick Mathewson
2011-01-15Add missing check for hostname answer_len in dnsserv sizeNick Mathewson
This is checked elsewhere too, but let's be RFC-conformant.
2011-01-15Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2Nick Mathewson
2011-01-15Merge branch 'bug2332_part2' into maint-0.2.1Nick Mathewson
2011-01-15Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2Nick Mathewson
2011-01-15Merge branch 'bug2324_uncompress' into maint-0.2.1Nick Mathewson
2011-01-15clean up message; explain a magic number in a commentNick Mathewson
2011-01-15Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2Nick Mathewson
Conflicts: src/or/config.c src/or/networkstatus.c src/or/rendcommon.c src/or/routerparse.c src/or/test.c
2011-01-15make the description of tolen_asserts more direNick Mathewson
We have a CVE # for this bug.
2011-01-15Fix a heap overflow found by debuger, and make it harder to make that ↵Nick Mathewson
mistake again Our public key functions assumed that they were always writing into a large enough buffer. In one case, they weren't. (Incorporates fixes from sebastian)
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion